Creating Reports via the API

I am trying to create a bunch of reports that are all similar.
I created one via the GUI and it worked, I then used the API to pull the attributes to create all the others.
I’m getting a 400 error of “The current user does not have permissions to assign user access to reports (the ‘manage-report-access’ privilege).” even though the user is a global admin.
Anyone else run across this?

That’s interesting, since global admin should include the correct permissions for that. Which endpoint(s) are you seeing this error for?

POST call to https://<server>:3780/api/3/reports

{
    "email": {
        "access": "file",
        "additional": "file",
        "additionalRecipients": [
            "<Manager's Email>"
        ],
        "assetAccess": false,
        "owner": "file",
        "smtp": {
            "global": false
        }
    },
    "filters": {
        "severity": "all",
        "statuses": [
            "vulnerable",
            "potentially-vulnerable",
            "vulnerable-version"
        ]
    },
    "format": "csv-export",
    "frequency": {
        "repeat": {
            "every": "week",
            "interval": 2
        },
        "start": "2018-10-09T13:00:00Z",
        "type": "schedule"
    },
    "language": "en-US",
    "name": "<Asset Group>",
    "owner": 69,
    "scope": {
        "assetGroups": [
            238
        ],
        "assetsInOnlyMostRecentScanOfSite": true
    },
    "template": "vulnerability-32-report-32-with-32-proof",
    "timezone": "America/New_York",
    "users": [
        148
    ]
}

@{status=400; message=The current user does not have permissions to assign user access to reports (the 'manage-report-access' privilege).; links=System.Object[]}

I have about 50 reports to create and the only differences are the Name, Asset Group, User, and Additional Recipients.
I didn’t want to manually have to create these because they are so similar.
Manually Creating these using my account works, both my account and the API account are Global Admin, and these are net new Report Creations.

I haven’t been able to reproduce this on my side, but what might be happening is that there’s an error occurring with the request and it’s simply displaying the wrong error message. I can put in a ticket on our side to check on this, sorry about that.

One more thing - for the users you’re attempting to assign report access to, are they in admin roles? Or are they in other user roles? I ask because I do wonder if this error could occur if you’re attempting to give report access to folks who already implicitly have access.

I already have a ticket open, 01654710, I’m just double dipping here.
I can add the using via the GUI with no issues.
I built the report in the GUI then pulled its details through the API to make my request just changing a couple things like the group, but the group I’m replacing it with was created the same way as the original, so there isn’t anything different in the permissions.
Just to test that. I deleted the original report and using the exact data I pulled from it tried to recreate it and got the same error.

I figured it out. When using the API, the permissions to add the user are using the Report Owner when the GUI uses the logged in user. Even though I had no issues adding the users ad the user running the API in the GUI, to programmatically add them I had to add the permissions to the user that was the Owner of the Report

2 Likes

Interesting, I didn’t realize that was the case. Glad you got it figured out!